UW-IMAP Newbie can't log into new server

UW-IMAP Newbie can't log into new server

Post by Gwen Mors » Wed, 27 Jul 2005 07:28:49

X-No-Archive: Yes

Newbie question. This is for a mail server on my home FC4 machine.

I built the latest UW-IMAP imapd from source and moved it to

configured xinetd to run the following script on startup:

service imap
socket_type = stream
wait = no
user = root
server = /usr/sbin/imapd
log_on_success += HOST DURATION
log_on_failure += HOST
disable = no

added my localhost/local network machines to /etc/hosts.allow for imap:

# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.

imapd: 192.168.2.,

made sure to restart the xinetd service (as well as eventually simply
rebooting the machine).

I configured kmail to check an IMAP account on "localhost" on port 143.

Here's where things break down. I type in the user name and password of
my regular (non-root) user account.

kmail gives me this error message:
Unable to login. Probably the password is wrong.
The server replied:
LOGIN failed

When I telnet to 143, it appears the server is up and running:

[goldmoon@localhost ~]$ telnet localhost 143
Connected to localhost.localdomain (
Escape character is '^]'.
LOGINDISABLED] localhost.localdomain IMAP4rev1 2004.357 at Mon, 25 Jul
2005 18:22:11 -0400 (EDT)

So, now the question becomes, what do I do so that I can log into this
server? Do I have to configure "accounts" in a specific file? Did I
miss a key step?


UW-IMAP Newbie can't log into new server

Post by Mark Crisp » Wed, 03 Aug 2005 02:15:01

The key is the "LOGINDISABLED".

By default, UW imapd will not permit plaintext password authentication on
an unencrypted IMAP session. To log in, you must do one of the following:
. negotiate TLS encryption (STARTTLS command on port 143 server)
. negotiate SSL encryption (port 993 server)
. use a non-plaintext means of authentication, such as Kerberos or

To build UW imapd so it permits plaintext password authentication on
unencrypted IMAP sessions, read the imap-200?/docs/BUILD and
imap-200?/docs/SSLBUILD files. Note, however, that doing plaintext
password authentication on an unencrypted IMAP session is the m ***
equivalent of reading your credit card number and expiration date on a pay
phone in an airport; anyone can eavesdrop upon you and thus steal your

Unencrypted sessions have another problem; it is trivial to hijack the
session and once seized use your authenticated session for nefarious
purposes. In general, it's better to use encrypted sessions exclusively.

-- Mark --

Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.